CVE-2015-8551 — MEDIUM (6.0)

Q: How severe is CVE-2015-8551?

CVE-2015-8551 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8551?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.

Vulnerability Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.1, <= 3.1.10
Debian	Debian Linux	7.0
Opensuse	Opensuse	13.1
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Real Time Extension	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Suse	Linux Enterprise Workstation Extension	12

Related Weaknesses (CWE)

CWE-476

References

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlMailing ListThird Party Advisory
http://www.debian.org/security/2016/dsa-3434Third Party Advisory
http://www.securityfocus.com/bid/79546Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034480Third Party AdvisoryVDB Entry
http://xenbits.xen.org/xsa/advisory-157.htmlVendor Advisory
https://security.gentoo.org/glsa/201604-03Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2015-8551?

CVE-2015-8551 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of ser...

How severe is CVE-2015-8551?

CVE-2015-8551 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8551?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.